The GRE encap on a software based router like an ISR should be
resolved in CEF from the start, so it shouldn't be two CEF lookups.
However, on the software based platforms, every feature you turn on
takes a little more CPU so even with a single lookup I wouldn't expect
the same performance from GRE
On Thursday 18 November 2010 18:18:04 Sam Chesluk wrote:
> There are a couple potential issues, that when looked at in whole, add
> up to a significant performance impact.
>
> 1) IPSec + GRE involves two forwarding operations, one to send it to the
> tunnel interface , and another to send the now-
On Thu, Nov 18, 2010 at 02:47:35PM -0800, Seth Mattinen wrote:
> The ISR series do have onboard hardware crypto, but I don't know offhand
> if it can handle a full DS3 worth.
>
> My first guess is fragment reassembly would probably kill it fast.
We're not seeing fragmentation. The MTU of the phys
On Thu, Nov 18, 2010 at 03:18:04PM -0800, Sam Chesluk wrote:
> 2) While the IPSec portion is hardware accelerated, the GRE
> encapsulation is not, unless this is a Cat6500/CISCO7600 router, or
> 7200VXR with C7200-VSA card. Because of this, the GRE process itself
> will consume a fairly large amou
: Re: Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2
On 11/18/2010 14:39, Pete Lumbis wrote:
> This is probably more appropriate for the cisco-nsp list, but what
> process is taking up the CPU or is it due to interrupts?
> To the best of my knowledge the crypto should be hardware acceler
...@rollernet.us]
Sent: Thursday, November 18, 2010 3:48 PM
To: nanog@nanog.org
Subject: Re: Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2
On 11/18/2010 14:39, Pete Lumbis wrote:
> This is probably more appropriate for the cisco-nsp list, but what
> process is taking up the CPU or is it
On 11/18/2010 14:39, Pete Lumbis wrote:
> This is probably more appropriate for the cisco-nsp list, but what
> process is taking up the CPU or is it due to interrupts?
> To the best of my knowledge the crypto should be hardware accelerated,
> while everything else is going to be done in software on
This is probably more appropriate for the cisco-nsp list, but what
process is taking up the CPU or is it due to interrupts?
To the best of my knowledge the crypto should be hardware accelerated,
while everything else is going to be done in software on the 3800.
-Pete
On Thu, Nov 18, 2010 at 11:1
We're running GRE/IPSec transport over a point-to-point DS3.
We're also doing some QoS. The traffic mix is voice; our
average packet size can be as low as 250 bytes at times.
We are seeing incredibly high CPU when the traffic levels
approach 30Mb/s and around 11kpps in each direction, at times
ov
9 matches
Mail list logo
